Repository: cxf
Updated Branches:
  refs/heads/master 20c759872 -> c704db9f6


[CXF-7297] Checking if scopesRequiringNoConsent includes all of the request 
scope values is enough


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c704db9f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c704db9f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c704db9f

Branch: refs/heads/master
Commit: c704db9f67f5baef0fdbbe8dc583b8017dfb917f
Parents: 20c7598
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Mon Apr 3 17:03:06 2017 +0100
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Mon Apr 3 17:03:06 2017 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c704db9f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 7646469..ca4b800 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -247,8 +247,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
                                                   List<OAuthPermission> 
permissions) {
         return scopesRequiringNoConsent != null
                && requestedScope != null
-               && requestedScope.size() == scopesRequiringNoConsent.size()
-               && requestedScope.containsAll(scopesRequiringNoConsent);
+               && scopesRequiringNoConsent.containsAll(requestedScope);
     }
 
     /**
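Review bot: With the size comparison removed, `scopesRequiringNoConsent.containsAll(requestedScope)` is vacuously true for an empty `requestedScope`, so a request that reaches this check with no scope values would skip the consent step whenever `scopesRequiringNoConsent` is configured (non-null). If an empty list can arrive here, for instance before default or client-registered scopes are applied (not visible in this hunk), consider adding `&& !requestedScope.isEmpty()` ahead of the `containsAll` call, or state in the method's Javadoc that callers always pass the effective scope list. The `permissions` parameter is not read in the visible lines; if consent is meant to follow the scopes actually being granted, checking those would be the more robust comparison. The method's signature begins outside the hunk, so this is based only on the return expression shown.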
